Our first misc challenge! This one felt reminiscent of overthewire’s Bandit series, which are a good introduction to the command line.
GNU Coreutils are too bloated.
That's why minimalists use Busybox.
But the TRUE masters don't even need that.
flag.txt is around here somewhere ~_~
but I lost it in this cluttered filesystem o_o
can you help me find it? UwU
^-^ ls
bash: ls: command not foundSo, we’ve got nothing to work with besides bash builtins. This is gonna be hard! We unfortunately can’t mount the filesystem remotely, as the machine we ssh to isn’t the machine that the challenge is located on.
sshfs noutil@chal.ctf-league.osusec.org:/ ~/temp
noutil@chal.ctf-league.osusec.org's password:
remote host has disconnectedSo! What do we have access to? Tab completion, for loops, echo, cd, variables, globbing, and functions. We can use these bash builtins to build some functionality that might be helpful.
^-^ cd /
^-^ echo *
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr varOK, so echo * is basically ls. From here, we can start recursively jumping around directories and looking for a file named flag.txt.
Most recursion requires a function that calls itself, so let’s start with that.
function find {
find;
}👍
Now simply write the necessary functionality!
function find {
for f in *;
do if [[ -d $f && ! -L $f ]];
then
cd "$f";
find;
cd ..;
elif [ $f == 'flag.txt' ]
then
echo `pwd`/$f;
fi;
doneLine by line:
function find {
for f in *; # Loop through all files in current directory
do if [[ -d $f && ! -L $f ]]; # If is a directory and not a symbolic link
We don’t want to follow symbolic links, as that could lead to infinite loops, as well as breaking our depth-first search.
elif [ $f == 'flag.txt' ]
then
echo `pwd`/$f;
fi;Our base case! This is pretty self explanatory.
So, what does this function do when run?
^-^ find
bash: [: too many arguments
/usr/lib/share/misc/flag.txtNice! Let’s print it out by reading the contents and “executing” them.
$(</usr/lib/share/misc/flag.txt)
bash: osu{b4$h_i5_p1en7y}: command not found